Security, Privacy and Resilience: Difference between revisions
Oliverpfaff (talk | contribs) No edit summary |
Oliverpfaff (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
This is the landing page for work on security and privacy (short: SP) in the WoT IG. | |||
== Working Hypotheses == | == Working Hypotheses == | ||
Initial working hypotheses on WoT security and privacy are: | Initial working hypotheses on WoT security and privacy are: | ||
| Line 25: | Line 26: | ||
* Business to Business: the case of „capital or investment goods“ as e.g. WoT devices (such as: industrial controllers) which needs to be covered by [[Security&Privacy Requirements Catalogue]], [[Security&Privacy Mechanism Candidates]], [[Security&Privacy Advanced Concepts]] | * Business to Business: the case of „capital or investment goods“ as e.g. WoT devices (such as: industrial controllers) which needs to be covered by [[Security&Privacy Requirements Catalogue]], [[Security&Privacy Mechanism Candidates]], [[Security&Privacy Advanced Concepts]] | ||
* WoT Devices: similar as for Web of Things Framework | * WoT Devices: similar as for Web of Things Framework | ||
==Conf Calls== | |||
[IG-SP] conf calls happen in a biweekly schedule starting Aug, 20, 2015. I.e. in the weeks with even numbers throughout calender year 2015 | |||
During these weeks conf calls are conducted on Thurs at [http://www.worldtimebuddy.com/?qm=1&lid=8,12,1850147,100&h=2&date=2015-8-20&sln=6-7.5 14:00 - 15:30 BST / 15:00 - 16:30 CEST / 6:00 - 7:30 PDT / 22:00 - 23:30 JST], [https://mit.webex.com/mit/j.php?MTID=m0339f31ea9c8135f874f993c8d6bd231 webex], host key 353799 | |||
Revision as of 06:17, 25 August 2015
This is the landing page for work on security and privacy (short: SP) in the WoT IG.
Working Hypotheses
Initial working hypotheses on WoT security and privacy are:
- There will be no one-size-fits-all solution for security and privacy it WoT – the given use cases and constraints do vary too much along WoT scenarios
- Work does not start on an empty page – there are existing patterns, (standard) protocols, mechanisms, components that can be re-used (with or without adaptation)
- Work can not assume to find reusables for every WoT security and privacy requirement – the set of available offerings will have whitespots
- Rather than a (single, normative) reference architecture for WoT security and privacy there will be a suite of artifacts from which WoT products/projects will serve themselves. Think of this suite as a chocolate box ;-)
-
Chocolate Box
Deliverables
The proposed work items and deliverables for a first phase (say 3-4 months) of WoT IG work on security and privacy are:
- Security&Privacy Glossary: a means of housekeeping among the security and privacy contributors in the W3C IG WoT, not as deliverable to an external audience
- Security&Privacy References: another means of housekeeping among the security and privacy contributors in the W3C IG WoT, not as deliverable to an external audience
- Security&Privacy Challenges: traditional Web and office IT established practices in security and privacy but it is not sufficient to just translate them to to WoT. This deliverable identifies challenges that drive security and privacy in WoT
- Security&Privacy Requirements Catalogue: a service document for the use case authors/owners in the WoT IG
- Landscape of Security&Privacy Means: surveys the landscape of security&privacy means for WoT.
- Security&Privacy Advanced Concepts: complements the atomic view of the requirements catalogue and mechanism candidates with a composite view. This addresses notions such as end-to-end security
The work items and deliverables for a subsequent phase remain to-be-defined
Other Task Forces
Work on WoT security and privacy will be conducted in close interactions with other WoT IG task forces:
- Use cases and requirements across business sector: our “customer”, using Security&Privacy Mechanism Candidates
- Liaison with external organisations: our „suppliers“, underpinning “eligible bodies” in Security&Privacy Mechanism Candidates
- Web of Things Framework: a WoT security and privacy framework builds upon Security&Privacy Requirements Catalogue, Security&Privacy Mechanism Candidates, Security&Privacy Advanced Concepts and obviously need to match the overall WoT framework
- Business to Consumer: the case of „consumer goods“ as e.g. WoT devices (such as: health wristband) which needs to be covered by Security&Privacy Requirements Catalogue, Security&Privacy Mechanism Candidates, Security&Privacy Advanced Concepts
- Business to Business: the case of „capital or investment goods“ as e.g. WoT devices (such as: industrial controllers) which needs to be covered by Security&Privacy Requirements Catalogue, Security&Privacy Mechanism Candidates, Security&Privacy Advanced Concepts
- WoT Devices: similar as for Web of Things Framework
Conf Calls
[IG-SP] conf calls happen in a biweekly schedule starting Aug, 20, 2015. I.e. in the weeks with even numbers throughout calender year 2015 During these weeks conf calls are conducted on Thurs at 14:00 - 15:30 BST / 15:00 - 16:30 CEST / 6:00 - 7:30 PDT / 22:00 - 23:30 JST, webex, host key 353799